Friday, August 12, 2011

Unlike other web-based applications, the OpenSSO/OpenAM login page itself has a timeout value. The clock starts ticking when users land on this page. If users do not login before the timeout, the "Your session has timed out" will be displayed. The default value is 120 seconds.

How can we increase this value? This is the most common question from customer.

Change timeout from 120 to 300. I personally think 5 minutes is a reasonable value. Why would one come to a Central Single Sign-On page to do nothing? Most probably, one would want to authenticate and be quickly redirected to the intended application.

I somehow had this impression that a timeout value of 0 implies there will be no session timeout. With this impression, I implemented this solution for one of my customer in one of the local ministries. The feedback was the Login Page times out even faster. Strange! :)

After much debug, I then realized 0 is not an accepted value. If 0 is input, a default value of 60 seconds will be applied.

Tuesday, August 2, 2011

OpenAM 9.5.3 stable release was released today. The download link is here.

Prior to this stable release, I was using 9.5.3 RC1 for a demo and discovered a weird behavior. Luckily, it's gone in 9.5.3 stable release.

The issue only happened when an external configuration data store is used. In my case, I was using OpenDJ 2.4.2.

As with any default OpenAM installation, the log level was set to ERROR. I wanted to debug my deployment, thus I went ahead to set the log level from ERROR to MESSAGE via the OpenAM Administration Console.

Set Debug Level to "Message".

Everything ran fine. The verbose logging was output. However, once I restarted the web container, I'll not be able to get to the Login page anymore.